Menu visibility control

Video

Events

Startup Surgery

Most Recent

Government & Policy

UK govt reportedly planning to ban encryption following Manchester attack

Investments

PropTech startup SPCE raises £280,210 on crowdfunding platform Seedrs

Investments

RegTech startup Regnosys gets $900,000

Press Releases

Zzish hits £1.15m funding target on Crowdcube for technology that will democratise quality education and move the needle on learning
Okappy announces the launch of its investment pitch on the AngelsDen equity crowdfunding platform
Recruitment disruptor talent.io poised for further growth with €8m investment secured

Why connected vehicle manufacturers should focus on security

driverless cars
twitterlinkedinFacebookgoogle_plustwitterlinkedinFacebookgoogle_plus

John Smith, principal solutions architect at Veracode, discusses why the connected car poses a significant challenge to the global car industry.

Today is one of the most exciting times in the automotive industry’s history.

Cars are communicating with each other, they’re telling us where available parking spaces are and in some cases they’re even doing the parking for us at the touch of a button.

Why staff wellbeing should top your list of priorities

We are also on the brink of the entirely autonomous car – whereby using technology such as radar, GPS, and computer vision – the car can sense the environment, detect its surroundings and navigate without human input.

To many of us, this will have seemed impossible just years ago.

However, the UK government has already outlined plans to conduct trials of driverless cars on its road network by the end of next year.

Its goal is to establish the UK as a ‘global centre for excellence’ in connected and autonomous vehicles.

The Google challenge

While IDC projects the total market for automotive-related Internet of Things to be worth $140.3bn this year, this revenue is not exclusively driven by vehicle manufacturers.

They now face unprecedented competition for market share from component manufacturers and software companies such as Google and Apple.

Not only have these traditional software vendors launched their own infotainment solutions, to provide drivers with seamless access to their mobile operating systems in the car, they are also developing autonomous vehicles themselves.

While the impact these driverless cars pose to the market is yet to be seen, their internal software solutions for the car is already having a significant influence on the industry.

The infotainment system – once regarded as a high-margin, differentiating feature amongst rival manufacturers – is now at risk to the tech giants.

Cyber liability in the connected car

It’s not just revenue that’s at stake here.

If a car falls victim to a cyber-attack through applications in a third-party infotainment system, and has an accident, who is at fault? Moreover, who should be held responsible if an application downloaded to a car – or linked smartphone – has a vulnerability and puts the safety of the car or personal data at risk? And what constitutes “reasonable” efforts to address and fix vulnerabilities in applications in cars?

These are all questions that need answering.

New research, carried out by International Data Corporation (IDC) and commissioned by Veracode, revealed that drivers are no clearer as to where this responsibility lies.

When asked who should be liable if they downloaded an app that resulted in a vulnerability in their car, the majority of drivers (40%) held themselves responsible, a fifth (20%) pointed a finger at the app developers and manufacturers alike, and 17% blamed the app store.

Three years from safety?

Producing this research paper, IDC also conducted in-depth interviews with leading vehicle manufacturers and – following these briefings – predicts a security lag of up to three years before application systems catch up with cyber threats.

With recent media coverage exposing critical vulnerabilities to applications in connected cars – for example allowing a Jeep Cherokee to be hacked remotely and brought to a standstill via a computer – it is of no surprise that half of British drivers are concerned about the security of the connected car.

Confronting the issues

Driver and passenger safety are clearly of paramount importance, and there are several issues manufacturers – and the government – must address to ensure they get this right.

Manufacturers cannot afford to be complacent when it comes to software and application security.

Based on IDC’s research, it seems they are considering two approaches to securing the connected car.

The first is to completely separate infotainment systems from driver functionality, ensuring no links can be made between their applications.

This is easier said than done, with cars being developed to exchange data with cloud-based applications for GPS mapping or with other cars to share real-time information about traffic patterns and road conditions.

The second approach is for the manufacturer to assume responsibility – if not liability – for the complete car ‘package’, regardless of the software and applications it houses and who has downloaded them.

For the government, clear regulatory standards must be enforced to ensure manufacturers, technology vendors and drivers know exactly where they stand.

Technology developments are taking place faster than the government can bring in new statutes, leaving lawmakers stranded at legislative crossroads.

However, with increasing numbers of connected vehicles on our roads, this is an issue that must be addressed today.

What we’re seeing happen in the car industry is a microcosm of what’s happening in financial services, healthcare and virtually every other sector – applications not developed with security in mind, creating a major area of risk.

The key difference here is that an application vulnerability in a car could put somebody’s life in danger, and that is why manufacturers, technology companies and the government must work together to ensure the safety and security of drivers in this connected age.

Enter your email address to receive updates straight to your inbox

* indicates required
Send me news on...
twitterlinkedinFacebookgoogle_plustwitterlinkedinFacebookgoogle_plus

Editor's picks

Amber Rudd

UK govt reportedly planning to ban encryption following Manchester attack
posted 3 hours ago

SPCE

PropTech startup SPCE raises £280,210 on crowdfunding platform Seedrs
posted 4 hours ago

regulation

RegTech startup Regnosys gets $900,000
posted 5 hours ago

Theresa May

The Conservative manifesto: What does it mean for UK tech?
posted 5 hours ago

Quiqup team photo

On-demand delivery firm Quiqup gets £20m as it gears up for global expansion
posted 16 hours ago

David Brown, VE

Ex-CEO of Ve Interactive under investigation for fraud
posted 23 hours ago